826b9e73bc
Malcode samples - need to turn into lessons
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@388 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-26 11:24:12 +00:00
c3fe7cece9
Including one small documentation change: giving credit to Sherif Koussa's original CSRF lesson
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@387 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-23 21:29:42 +00:00
d971d2f734
Including one small documentation change: giving credit to Sherif Koussa's original CSRF lesson
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@387 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-23 21:29:42 +00:00
d2a6a2b272
This change includes two additional CSRF lessons. One for
by-passing a prompt (showing why prompts don't work). The second for
by-passing CSRF tokens when XSS exists.
It also modifies the existing CSRF lesson so that the lesson
can be extended and used by the two new lessons.
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@386 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-23 21:23:17 +00:00
85c6843ee4
This change includes two additional CSRF lessons. One for
by-passing a prompt (showing why prompts don't work). The second for
by-passing CSRF tokens when XSS exists.
It also modifies the existing CSRF lesson so that the lesson
can be extended and used by the two new lessons.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@386 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-23 21:23:17 +00:00
b4af6471b1
Three new lessons and supporting files and changes to other files. Some changes to other files may not be quite the "right" way to accomplish my goal, so they may need to be updated. I deleted the old BlindSQLInjection lesson (which was by me) since it is replaced by the two new lessons for BlindNumericSqlInjection and BlindStringSqlInjection. The other new lesson is for MaliciousFileExecution, which requires the Apache Commons fileupload library (which in turn needs the commons io library).
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@385 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-20 04:30:00 +00:00
72936c72b9
Three new lessons and supporting files and changes to other files. Some changes to other files may not be quite the "right" way to accomplish my goal, so they may need to be updated. I deleted the old BlindSQLInjection lesson (which was by me) since it is replaced by the two new lessons for BlindNumericSqlInjection and BlindStringSqlInjection. The other new lesson is for MaliciousFileExecution, which requires the Apache Commons fileupload library (which in turn needs the commons io library).
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@385 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-20 04:30:00 +00:00
4f3892a0b6
Re-adding .jar file that appears to have been removed recently. Re-adding this file should fix some build errors.
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@384 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-20 03:56:46 +00:00
cef196e172
Re-adding .jar file that appears to have been removed recently. Re-adding this file should fix some build errors.
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@384 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-20 03:56:46 +00:00
c1af5e86b0
initial version of pom.xml
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@383 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-12 21:06:55 +00:00
c00b8b2dfe
initial version of pom.xml
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@383 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-12 21:06:55 +00:00
e3af09e500
infos to dependencies
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@382 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-11 15:19:25 +00:00
271d746153
infos to dependencies
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@382 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-11 15:19:25 +00:00
94378680ca
replaced jars with versions from maven repo to prepare migration
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@381 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-11 13:47:42 +00:00
34270c8931
replaced jars with versions from maven repo to prepare migration
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@381 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-11 13:47:42 +00:00
62bc77cbe7
replaced jars with versions from maven repo to prepare migration
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@380 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-11 11:07:01 +00:00
24acd5081d
replaced jars with versions from maven repo to prepare migration
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@380 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-11 11:07:01 +00:00
de18bc56d2
replaced axis jars with versions from maven repo; removed catalina.jar no longer needed
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@379 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-10 23:39:11 +00:00
c719c47128
replaced axis jars with versions from maven repo; removed catalina.jar no longer needed
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@379 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-10 23:39:11 +00:00
215caee8be
fixed typo (Issue 29) - test commit
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@378 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-07 21:15:11 +00:00
87ce172faa
fixed typo (Issue 29) - test commit
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@378 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-10-07 21:15:11 +00:00
4897249cb8
5.3 Logo
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@377 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-02-04 13:06:48 +00:00
f5200a8fd0
5.3 Logo
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@377 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-02-04 13:06:48 +00:00
976671949e
Changed the credit card user to be the user that was logged in as. Also base64 encoded the user cookie to make finding sql injection slightly harder.
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@376 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-02-03 18:16:51 +00:00
0032ffdbfc
Changed the credit card user to be the user that was logged in as. Also base64 encoded the user cookie to make finding sql injection slightly harder.
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@376 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-02-03 18:16:51 +00:00
b63d0a6886
Changed the class build.
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@375 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-02-03 17:56:48 +00:00
cafcea2ae9
Changed the class build.
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@375 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-02-03 17:56:48 +00:00
3cf801f58f
Removed errors introduced in previous checkin. String and integer conflicts in JSP
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@374 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-02-03 17:55:27 +00:00
88a730f225
Removed errors introduced in previous checkin. String and integer conflicts in JSP
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@374 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-02-03 17:55:27 +00:00
b8c1d13e50
Lots of wording changes and HTML fixes.
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@373 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-01-06 21:06:42 +00:00
97571dbe90
Lots of wording changes and HTML fixes.
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@373 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-01-06 21:06:42 +00:00
8a372baa01
Fixing wording a smidge.
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@372 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-01-06 20:19:22 +00:00
5506f1c279
Fixing wording a smidge.
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@372 4033779f-a91e-0410-96ef-6bf7bf53c507
2009-01-06 20:19:22 +00:00
01b845beb9
Changes by Chris Roe to fix lesson issues with Firefox.
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@371 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-12-17 13:06:29 +00:00
9331ef0d9a
Changes by Chris Roe to fix lesson issues with Firefox.
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@371 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-12-17 13:06:29 +00:00
7a55b7e02f
fixed a typo
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@370 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-12-11 21:15:20 +00:00
6d1158c40c
fixed a typo
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@370 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-12-11 21:15:20 +00:00
711097a340
Standardized all the HTML, clarified things, and fixed a whole bunch of grammar issues.
...
I also changed the explanation for Browser Cache Poisoning; the old explanation was incorrect. If I'm mistaken on that, feel free to revert that part of the explanation.
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@369 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-12-11 20:04:15 +00:00
64899b3ee3
Standardized all the HTML, clarified things, and fixed a whole bunch of grammar issues.
...
I also changed the explanation for Browser Cache Poisoning; the old explanation was incorrect. If I'm mistaken on that, feel free to revert that part of the explanation.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@369 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-12-11 20:04:15 +00:00
696550ccb0
Minor syntax issue with the word prename in the instructions - reported by April King
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@368 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-12-10 23:52:04 +00:00
f6e994b14e
Minor syntax issue with the word prename in the instructions - reported by April King
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@368 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-12-10 23:52:04 +00:00
7998e60f29
Removed hardcoded webgoat path for URLs
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@367 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-11-21 16:57:23 +00:00
9d8c58bef3
Removed hardcoded webgoat path for URLs
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@367 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-11-21 16:57:23 +00:00
c0d2d13e5a
Reported by dwpoon, Yesterday (17 hours ago)
...
I would like to submit the attached patch to avoid hard-coding
"/WebGoat" as the webapp's context path, at least for the HTTP splitting
lesson. This issue has also been reported in July 2007; see
https://lists.owasp.org/pipermail/owasp-webgoat/2007-July/000432.html
Also see Issue 15 http://code.google.com/p/webgoat/issues/detail?id=15
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@366 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-11-21 12:57:14 +00:00
bab1f6aeb7
Reported by dwpoon, Yesterday (17 hours ago)
...
I would like to submit the attached patch to avoid hard-coding
"/WebGoat" as the webapp's context path, at least for the HTTP splitting
lesson. This issue has also been reported in July 2007; see
https://lists.owasp.org/pipermail/owasp-webgoat/2007-July/000432.html
Also see Issue 15 http://code.google.com/p/webgoat/issues/detail?id=15
git-svn-id: http://webgoat.googlecode.com/svn/trunk@366 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-11-21 12:57:14 +00:00
3412f1e984
Contribution by Kristian Erik Hermansen. Fixed to work with 1.6
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@365 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-09-09 15:32:23 +00:00
58aa49317a
Contribution by Kristian Erik Hermansen. Fixed to work with 1.6
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@365 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-09-09 15:32:23 +00:00
5854b66614
minor bug fixes and enhancements, including proper dollar value formatting
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@364 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-08-14 14:31:17 +00:00
5337ef31ff
minor bug fixes and enhancements, including proper dollar value formatting
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk@364 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-08-14 14:31:17 +00:00
71e53c1ffb
removing unused folder
...
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@363 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-08-14 12:56:14 +00:00